Privacy Laws in Germany and Europe

Johannes Waldmann, HTWK Leipzig

Privacy: Definitions

this talk: focus on the legal aspects,
in Germany and European Union

Disclaimer: I Am Not A Lawyer,

and this is not legal advice.

What you read here, (hopefully)

but certainly

who am I (for this talk)?

Processing of personal information

…is necessary for society to function

…can be mis-used, threat of mis-use already restricts person’s freedom (e.g., of speech)

…invites mis-use by third parties (criminals)

Privacy Laws: Historic precedents

German/European privacy laws influenced by:

Law Making in Germany

fundamental procedure

on several levels

Laws for Privacy

Processing by State Institutions

Privacy Officer

each state institution has a Privacy Officer (Datenschutzbeauftragter). Tasks:

this officer operates independently

(can inspect all details, rector cannot give orders)

Public and Private Sector

laws for processing of personal data by public (state) institutions are very strict,

laws for processing of personal data by private (commercial) entities are somewhat different:

still there are rules, to protect customers’ interests
(cf. merchants, air transportation)

Processing by Companies

“Free service” business model

Some Ways To Collect Your Data

obvious: store your web site, photos, calendar, e-mail

not that obvious (but if you think for a moment …)

Key Points of Forthcoming EU Policy

http://ec.europa.eu/justice/data-protection/reform/

Is this “killing internet economy”?

What Can You Do Now?

as individuals

as (future) IT professionals: (all of the above and) learn and apply technologies for privacy:

Security in Untrusted Environments

the message should be encrypted,
but the (decryption) key cannot be transported safely.

solutions for secure end-to-end encryption:

Separate Service from Authentication

Experiments: Your Data on the Web

Experiment: break RSA encryption

Extended Euclidean Algorithm

Experiment: break Diffie-Hellman